Patch Catalog

patchStatus: "Missing"

TOP 10 VULNERABILITIES

Introducing Qualys Patch
Vulnerability Management Lifecycle

Asset Inventory
Vulnerability Management
Threat Risk and Prioritization
Patch Management
Expanding Vulnerability Management

Containers
Private Cloud
IoT Devices
ICS / SCADA
Mobile Devices
Workstations
Public Cloud
On Premise
Case Study: Large US Bank


Challenge 


Difficult to prioritize 
vulnerabilities across 100,000 
endpoints 


Manual correlation of external 
threat data 


No active alerting on high-threat vulnerabilities


Low visibility into workstations 


Solution 


Threat Protection RTIs automates 
prioritization 


Threat Protection Live Feed 
provides one-click access to 
impacted assets 


Continuous Monitoring combined 
with RTIs 


Qualys Cloud Agent for 
continuous and complete visibility 
Vulnerability Management

Platform Evolution

Elastic VM Dashboard

Merges AssetView technology into Qualys VM
Build widgets with vulnerability counts
Search filters for quickly building queries
Replace long-running reports with live widgets

[Screenshot: dashboard widgets, including VULNERABILITIES BY SEVERITY, VULNERABILITIES BY TYPE and EOL/Obsolete Software: Microsoft Internet Information Services (IIS) 5.x]
Opening Up the VM Detections Platform

Custom Remote Detections

Qualys Remote Detection Interface (QRDI)
Create your own or share on Qualys Community
Supports HTTP(S) and raw TCP
Regex grouping and capturing
Lua scripting for advanced logic

[Screenshot: IPcam_QRDI.json]
Elastic VM Dashboard


Qualys Patch Management 


Overview 


Current Patch Management Tools
Challenges and Impact

Manual correlation of vulnerability to patch leads to delayed mean-time-to-
Waiting for vulnerability reports to confirm the patch has fixed the vulnerability
Remote systems only patched when connected to corporate network
Limited or no coverage of third-party apps
Multiple patching solutions for each OS type


Introducing Qualys Patch Management

Automated correlation of vulnerability and patch data - Which patch fixes the CVE?
Simple dashboarding for tracking patch deployments
Patch using the Qualys Cloud Agent, anywhere
Patch OS and third-party applications

[Screenshot: Qualys Patch Management patch catalog (tabs: DASHBOARD, PATCHES, ASSETS, DEPLOYMENT JOBS, CONFIGURATION), filtered on patchStatus: "Missing", with OS FAMILY and VENDOR filters]
Shift From
Reaction Mode to 
Operational Security 


Always up-to-date on 
missing patches 


Security and IT teams can 
“speak the same language” 


Collaboration - key to successful digital transformation


Unify discovery, prioritization, and remediation in one platform


Rapid remediation of high- 
profile vulnerabilities in days 
vs. weeks 


Regularly scheduled 
deployments are repeatable 
and reported on 




Patch Management 


Beta 


Platform Support 


XP SP3+
Vista
Windows 7
Windows 8/8.1
Windows 10
Server 2003 SP2+
Server 2008/R2
Server 2012/R2
Server 2016

OS X 10.10 Yosemite
OS X 10.11 El Capitan
macOS 10.12 Sierra
macOS 10.13 High Sierra
macOS 10.14 Mojave

RHEL 6,7
CentOS 5.4+,6,7
SUSE Linux Enterprise Server/Desktop 11,12,15
Oracle Ent Linux 6,7 (Server)
Ubuntu 14.x,15.x,16.x,18.x
Roadmap

Beta: Q4 2018 - Windows patch deployment
General Availability: Early 2019

Beta 1
Windows patching (desktops and servers)
Direct download from vendors for off-prem
Third party Windows applications

Beta 2
On-prem Caching of patches (QGS)
Qualys serves patches
Additional tokens for dashboarding

Upcoming
Mac patching
Linux patching
Repository integration
Automation Rules & Approval workflows


Unified Dashboards

Overview

Unified Dashboard

Build dashboards with widgets from multiple Qualys Cloud Apps
Target servers, containers, instances, web apps, etc. using Asset Tags

[Screenshot: Unified Dashboard widgets, including SOFTWARE LIFECYCLE DISTRIBUTION, TOP EOL SOFTWARE CATEGORIES, TOP EOL SOFTWARE PUBLISHERS and ASSETS WITH VULN EXPLOIT...]


Unified Dashboard 


Preview 


Unified Dashboard Rollout 


Phase 1
Unified Dashboard App
Global dashboard filters
Support for:

Phase 2
Unified widget builder
Upgrade existing Cloud
Support for:
QUALYS SECURITY CONFERENCE 2018


Thank You 


Jimmy Graham 
jgraham@qualys.com 




Digital Transformation is Driving IT 
Transformation for Organizations 


Google Cloud Platform
Private Clouds
Public Clouds
Internet
Enterprise On Premise
Remote End Users
... But creates new Challenges for Security


Don't know how many assets you have 
Don't know when those assets are running 
Credential issues / Authentication failures 

Monthly / weekly scanning too slow [WannaCry] 
Can't scan remote users 
Qualys Sensors
Scalable, self-updating & centrally managed

Physical
Legacy data centers
Corporate infrastructure
Continuous security and compliance scanning

Virtual
Private cloud infrastructure
Virtualized Infrastructure
Continuous security and compliance scanning

Cloud/Container
Commercial IaaS & PaaS clouds
Pre-certified in market place
Fully automated with API orchestration
Continuous security and compliance scanning

Cloud Agents
Light weight, multi-platform
On premise, elastic cloud & endpoints
Real-time data collection
Continuous evaluation on platform for security and compliance

Passive
Passively sniff on network
Real-time device discovery & identification
Identification of APT network traffic
Extract malware files from network for analysis

API
Integration with Threat Intel feeds
CMDB Integration
Log connectors

Qualys Cloud Agent Platform 


Lightweight Software Agent (collects metadata only)

On-Premise Servers
Public Cloud
User Endpoints

Windows
Linux
Mac
AIX
Cloud Native

Delivers Multiple Security Functions in one Agent
Central Management / API

Qualys Suite of Applications

Efficient Network Usage: 50 - 350 KB / day (Delta Processing average)
Lightweight Metadata Collection (tunable): 1-2% CPU
Windows, Linux, Mac, AIX: 3 MB application
Qualys Cloud Agent

IT, Security, Compliance Apps
Asset Inventory
Vulnerability Management
Policy Compliance
Indication of Compromise Detection
File Integrity Monitoring

Upcoming IT App (Beta November 2018)
Patch Management

[Screenshot: Cloud Agent asset details, showing version, status / last checked-in, agent modules and tags]
Try and Manage
Apps on One 
Cloud Agent 


End the fight with IT to deploy 
security agents! 


Remove point-solution agents 
from your endpoints 


Consolidate security tools 


Activation Key 


Edit the activation key 




An activation key is used to install agents. This provides a way to group agents and better manage your account. By 
default this key is unlimited - it allows you to add any number of agents at any time 


Title: Global_user_endpoints


Provision Key for these applications 


Vulnerability Management 
98919 Licenses Remaining 


File Integrity Monitoring IOC 
998 Licenses Remaining 


Set limits 


Select | Create 


Policy Compliance 
99134 Licenses Remaining 


Indication of Compromise 
96 Licenses Remaining 


Unlimited Key 
Cloud Agent Extends Network Scanning

No scan windows needed - always collecting
Find vulnerabilities faster
Detect a fixed vulnerability faster
Many new Apps only available on Agent

Best for assets that can’t be scanned
Unable to get credentials / authentication failures
Remote systems in branch offices / NAT
Roaming user endpoints
Cloud / Elastic deployments
Cloud Agent Adoption

[Chart: Number of Cloud Agents Sold (units in millions), LTM Q4 2017, Q1 2018, Q2 2018, Q3 2018]


Cloud Agent VM Usage and Growth Drivers

Scale: 100,000s, 1,000,000, 10,000,000s

- Deploy on servers to overcome customer limitations with their network scanning
  - Auth issues
  - Scan windows
  - More frequent VM assessments
- Initial adoption for end-users (WannaCry)
- Initial work to build CA into CI/CD/DevOps pipelines
- Early CA deployments in AWS and Azure
- 2017 (50-300K) for Servers
- Increase endpoints
- Growth in endpoint deployments
- Increase in public cloud
- Capture migration from on-premise servers to public cloud (AWS primarily)
- Visibility + Lightweight agent increases adoption


Cloud Agent CPU Tuning - Linux

AWS EC2: not allowed to scan nano, micro, or small instances using network scanning
VM: < 1.2% CPU peak usage for less than 15
0.5% CPU when idle

[Chart: CPU Utilization (Percent), Statistic: Average, Time Range: Last 12 Hours, 09:00 to 15:00. AWS t2.micro instance running Cloud Agent]


Cloud Agent CPU Tuning - Windows

Tunable CPU Limit
Example: 8% configured max on 1-core (Effective: <2% on 4-core)

[Chart: Windows Performance Monitor, Process counters % Privileged Time and % User Time, Duration 17:17:03]

London | 16 November 2017


Cloud Native - Collect Provider Metadata

AWS EC2
accountId
amiId
availabilityZone
hostname
hostnamePublic
instanceId
instanceType
kernelId
macAddress
privateIpAddress
publicIpAddress
region
reservationId
securityGroupIds
securityGroups
subnetId
VPCId

Microsoft Azure
dnsservers
ipv6
location
macAddress
name
offer
osType
privateIpAddress
publicIpAddress
publisher
resourceGroupName
tags
subnet
subscriptionId
version
vmId
vmSize

Google Compute Platform
hostname
instanceId
macAddress
machineType
network
privateIpAddress
projectId
projectIdNo
publicIpAddress
zone


Cloud Provider Metadata (AWS EC2 example)

Agent collects metadata locally:

accountId: 383031258652
ami-id: ami-d874e0a0
ami-launch-index: 2
availabilityZone: us-west-2a
hostname: ip-172-31-36-214.us-west-2.compute.internal
imageId: ami-d874e0a0
instance-id: i-03e86d77745bb2bba
instanceType: t2.micro
local-hostname: ip-172-31-36-214.us-west-2.compute.internal
local-ipv4: 172.31.36.214
mac: 06:26:0c:74:c5:9a
privateIp: 172.31.36.214
profile: default-hvm
public-hostname: ec2-18-236-81-63.us-west-2.compute.amazonaws.com
public-ipv4: 18.236.81.63
region: us-west-2
reservation-id: r-06e5580c2918a00ba
security-groups: launch-wizard-2
Cloud Instance Metadata Merge
and Agent Dynamic License Management

EC2 Connector - Available now
aws.ec2.accountId
aws.ec2.availabilityZone
aws.ec2.hostname
aws.ec2.hostnamePublic
aws.ec2.imageId
aws.ec2.instanceState
aws.ec2.instanceType
aws.ec2.kernelId
aws.ec2.privateDNS
aws.ec2.privateIPAddress
aws.ec2.publicDNS
aws.ec2.publicIPAddress
aws.ec2.region.code
aws.ec2.region.name
aws.ec2.spotInstance
aws.ec2.subnetId
aws.ec2.VPCId

Automatically merge on Instance ID (Nov

Automated Rules (Dec 2018)
“When instanceState = TERMINATED, then remove Cloud Agent license”

Cloud Agent - Available now
aws.ec2.accountId
aws.ec2.availabilityZone
aws.ec2.hostname
aws.ec2.imageId
aws.ec2.instanceType
aws.ec2.kernelId
aws.ec2.privateDNS
aws.ec2.privateIPAddress
aws.ec2.publicDNS
aws.ec2.publicIPAddress
aws.ec2.region.code
aws.ec2.region.name
aws.ec2.subnetId
aws.ec2.VPCId
Integrate Cloud Agent into DevOps

Use Cases for DevOps
Build Cloud Agent into gold image or auto-deploy with CI/CD - self-service results from Qualys API/UI & integrations
Get vulnerability and configuration posture of OS and application along the DevOps pipeline
Fix/verify security issues before going into production

Use Cases for Security
End-to-end lifecycle tracking - development, deployment, production, decommission
Same Cloud Agent across cloud, on-premise, endpoint, hybrid
Single platform as DevOps tools evolve - Qualys Container Security, Jenkins integration, API automation, more


Cloud Agent - Microsoft Azure Integration

Security Center - Overview > Recommendations

MONITORING RECOMMENDATIONS
Data collection installation status: 31 of 56 VMs

VIRTUAL MACHINES RECOMMENDATIONS
Endpoint Protection not installed: 4 of 56 VMs
Missing scan data: 11 of 56 VMs
Remediate OS vulnerabilities (by Microsoft): 5 of 56 VMs
Missing system updates: 1 of 56 VMs
Endpoint Protection health failures: 1 of 56 VMs
Missing disk encryption: 5 of 56 VMs
OS version not updated: 2 of 4 Roles
Vulnerabilities found: 2 of 56 VMs
Healthy: 6 of 60 VMs & Roles


Add a vulnerability assessment solution

[Screenshot: Azure Security Center, Add a vulnerability assessment solution: install on 2 VMs (vm3, vm4), with the options Create New and Use existing solution (Qualys, Inc., Qualys-VA)]


RESOURCE GROUP 
SUBSCRIPTION 
VIRTUAL IP 
OPERATING SYSTEM 
VERSION 

STATUS 
MONITORING STATE 


PREVENTION STATUS 


Security Solutions 
SYSTEM UPDATES 


OS VULNERABILITIES 


VULNERABILITY SCANNER - 


PREVIEW 


Recommendations 


HS_RESOURCEGROUP 


Visual Studio Premium with MSDN 


Windows 

Compute 

Deallocated 

Monitored by Azure Security Center 


High severity 


Microsoft (Last scan time - 10/3/2016 1:22 PM) 


Microsoft (Last scan time - 10/3/2016 1:22 PM) 


Qualys (Last scan time - 10/3/2016 11:56 PM) 


41 


VULNERABILITY NAME


Enabled DCOM 

Allowed Null Session 
Enabled Cached Logon Cre... 
Machine Information Discl... 
Microsoft Windows Explore... 
Windows Explorer Autopla... 
Access to File Share is Enab... 
ActiveX Controls Enumerated 
Antivirus Product Not Dete... 
Disabled Clear Page File 
Enabled Caching of Dial-up... 
Enabled Display Last Usern... 
File Access Permissions for... 
Host Scan Time 

Hyper-V Host Information ... 
Installed Applications Enu... 
Internet Protocol version 6 ... 
IPSEC Policy Agent Service... 
Message For Users Attempt.. 


High
Medium
Medium
Medium
Medium
Medium
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low


VULNERABILITY NAME 


SEVERITY 


DESCRIPTION 


SOLUTION 


Enabled DCOM
High


The Distributed Component Object Model (DCOM) is a 
protocol that enables software components to 
communicate directly over a network. The Distributed 
Component Object Model (DCOM) is enabled on this 
system. 


Refer to Microsoft article Best Practices for Mitigating 
RPC and DCOM Vulnerabilities to obtain information 
on vulnerabilities in DCOM and ways to mitigate those 
vulnerabilities. Information on disabling DCOM can be 
found at the Microsoft Technet article called How to 
Disable DCOM Support in Windows. For disabling 
DCOM on Windows 7, Windows 8, Windows Server 
2008, Windows Server 2008 R2, and Windows Server 
2012 refer to Microsoft's article Enable or Disable 
DCOM. 
Vulnerability Spread at Speed of DevOps

[Screenshot: Azure portal, Virtual machines list and Azure Marketplace virtual machine images (Red Hat Enterprise Linux, Windows Server, Ubuntu Server, SQL Server 2017 Enterprise)]
Auto-Deploy Qualys Cloud Agent

[Screenshot: Azure Security Center - Security solutions, showing Connected solutions (1) and Add data sources (5)]



Vulnerability Results

RHEL74-CC1-Azure

Confirmed Vulnerabilities: 24 (sev5: 1, sev4: 16, sev3: 7)
Potential Vulnerabilities: 3 (sev5: 0, sev4: 0, sev3: 3)

Vulnerability Detection by Status In the last 7 Days: Active, Reopened, Fixed

[Screenshot: asset details view with sections Asset Summary, Agent Summary, Network Information, Open Ports, Installed Software, Vulnerabilities, Threat Protection RTIs, File Integrity Monitoring, Indication of Compromise, Alert Notifications and Azure VM Information]
Threat Protection Exploitability

View Mode
Asset Summary
System Information
Agent Summary
Network Information
Open Ports
Installed Software
Vulnerabilities
File Integrity Monitoring
Indication of Compromise
Alert Notifications
Azure VM Information

Threat Protection Summary

Total Vulnerabilities by RTIs
Zero Day
Easily Exploitable
Unpatchable
Active Attacks

LATEST THREATS FROM LIVE FEED 


Title 

OpenSSH User name Enumeration Vulnerability : CVE-2018-15473 
L1 Terminal Fault /Foreshadow Attack aka L1TF Attack 

PoC Exploit available for CVE-2018-15473 

PoC Exploit available for CVE-2018-15473 

PoC Exploit available for CVE-2018-15473 

PoC Exploit available for CVE-2018-15473 

PoC Exploit available for CVE-2018-15473 

PoC Exploit available for CVE-2018-15473 

SegmentSmack: CVE-2018-5390 


High Lateral Movement
High Data Loss
Vulnerable to DOS
Public Exploit


Published 


8/29/2018 
Cloud Agent Roadmap

Agent Releases
* Mac 1.7.2 - released Aug 29
* Linux 2.1 upgrade from 2.0 (FIM) - released Aug 29
* Linux 2.2 - Dec rollout for Policy Compliance UDCs
* Windows 2.1.1 rollout - started Oct 17 / complete Oct 22
* https://www.qualys.com/documentation/release-notes

Features
* Cloud Provider Metadata (AWS, Azure, GCP) - available
* EC2 Connector / Cloud Agent merge - available
* Nov - Windows agent to support Patch Management Beta
* Dec - Policy Compliance UDCs (Windows / Linux / AIX)
* Dec - Agent Lifecycle Management
  (Public cloud State-based w/ Connector / Any asset using Time-based)


Thank You 


Chris Carlson 
ccarlson@qualys.com 


